Biometrics is a way of authenticating personal identities by combining computers, optical, acoustical, and biological sensors, the principles of biostatistics, and other high-tech methods and using the inherent physiological characteristics (e.g., fingerprints, voice prints, faces, irises, etc.) of the human body as well as behavioral characteristics (e.g., handwriting, voice, gait, etc.) to identify individuals. Facial recognition technology has the advantages over other biometrics of being accurate, non-invasive, and in real time. Therefore, it is widely applied in various sectors of society, such as video monitoring, facial recognition-based attendance checking, and identity authentication systems.
In the field of identity authentication, particularly in the field of facial recognition-based identity authentication, the related art generally authenticates identities according to the following two techniques:
In the first technique, a facial image recognition-based identity authentication system carries out recognition and authentication by using a camera to capture facial images of users. In the facial recognition process, the system extracts characteristic information about the facial images. However, a photograph of a person and the facial images acquired by a video camera have almost the same characteristics. Thus, it is possible to simulate the effects of an actual person and cheat the authentication system by subjecting the photograph of a face to rotation, flipping, bending, and other such operations in front of the image-capturing device. Therefore, a facial image recognition-based identity authentication system is vulnerable to attacks by photographs of legitimate users and three-dimensional models of legitimate users.
In the second technique, in a facial image recognition-based identity authentication system, a human face within an image frame undergoes facial recognition, characteristic point extraction, facial characteristic point comparison, action recognition, etc. A living, real person is assessed primarily using the forms of facial expressive activity. The user is prompted to perform one or more actions (such as nodding or shaking the head, eye-blinking, or opening the mouth), and the system receives the corresponding actions performed by the user. The person's actions are computed and analyzed using the consecutive images that were taken. Specifically, real-time images are shot of a user with a video camera in order to acquire facial images. Representative characteristic points are extracted from the facial images, and these points include, but are not limited to, the nose, the eyebrows, the mouth, and other such characteristics. Methods such as rule-based methods or machine learning are then applied to the consecutive changes in the characteristic points of the consecutive, multi-frame images so as to assess whether there is a certain action (including, but not limited to: nodding or shaking the head, eye-blinking, or opening the mouth). Thereupon, the system assesses the correctness of the user's action and thus determines whether the real-time images correspond to a real person. Such a facial image recognition-based identity authentication system is subject to the following three forms of attack:
1. Video playback attack: actions are simulated by using video images of appropriate actions recorded in advance, and in this way the facial live recognition system is attacked.
2. Consecutive picture attack: actions are simulated by playing consecutive image slides, and in this way the facial live recognition system is attacked.
3. Facial action software simulation attack: a video playback attack and facial action software simulation attack acquire photographs of a legitimate user. The images of head-nodding, shaking, eye-blinking, and other such actions are synthesized through software simulation, and in this way the facial live recognition system is attacked.
An effective solution is needed to address the problem because existing live recognition-based authentication systems are still vulnerable to video or image attacks in which illegitimate users make use of the simulated actions of legitimate users described above.